Sony CD DRM software settlement may cost it millions

Sony BMG may have to pay out millions of dollars to consumers after agreeing to settle a case brought by the US Federal Trade Commission over its music CDs’ digital rights management (DRM) software.

Sony’s DRM was supposedly designed to limit piracy of its products.

While Sony had not admitted any legal violation as a result of the settlement, it had been charged with violating federal law when it sold CDs without telling consumers that they contained software that limited the computer devices on which the music could be played.

The software also restricted the number of copies that could be made, and contained technology that monitored consumers’ listening habits to send them marketing messages.

According to the FTC, the software also exposed consumers to significant security risks and was unreasonably difficult to uninstall.

It was reported at the time of the DRM scandal that the software left a security backdoor in users’ PCs that could be exploited by remote hackers.

The settlement requires Sony BMG to clearly disclose limitations on consumers’ use of music CDs, bars it from using collected information for marketing, prohibits it from installing software without consumer consent, and requires it to provide a reasonable means of uninstalling that software.

The settlement also requires Sony BMG to allow consumers to exchange the affected CDs through to 31 June this year, and to reimburse consumers for up to £79 to repair damage to their computers that they may have suffered in trying to remove the software.

“Installations of secret software that create security risks are intrusive and unlawful,” said FTC chairman Deborah Platt Majoras. “Consumers’ computers belong to them, and companies must adequately disclose unexpected limitations on the customary use of their products, so consumers can make informed decisions regarding whether to purchase and install that content,” she said.

As part of the settlement, Sony BMG is required to publish notices on its website describing the exchange and repair reimbursement programs.

Sony BMG is also required to provide financial inducements to retailers to return the CDs that create security problems for consumers’ computers.

For CDs already in its stock that are sold to retailers, Sony BMG is required to disclose on the product packaging the restrictions on use and the security vulnerabilities.

Finally, the settlement contains record-keeping and reporting provisions designed to allow the agency to monitor compliance with its order.

These marketing controls, along with the compensation measures, will mean that Sony will be left with a big tab for correcting its anti-piracy strategy.
